How do you do....it? Thread: Redirect URLS BYOD Network? (in Technical)
  1. #31
    cpjitservices
    Originally posted by FN-GM:
    Does PFSense captive portal need to use a username and password? I don't want to use that, I just want it to redirect.

    Do you set PFSense as your default gateway?
    No it doesn't, you can set it not to ask for username and password and just redirect traffic to another location; we've had it set up like that before.

    Untangle is good but not as good as Pf. It's a lot heavier on resources and doesn't seem as intuitive.

    We have Pfsense on 3 different SSIDs and on three different VLANs. The problem is that if you use the standard user manager in the Web GUI then the same user can authenticate on any of the SSIDs... not always desirable. But if you go to packages and install FreeRadius, you can use that as the authentication for captive portal instead and can set RADIUS to listen to a certain interface / MAC address, and if you do it right, if you have different VLANs tied to different SSIDs, you can get the authentication to work separately on each different SSID.

    PfSense can also act as an 802.1x server so it will drop you onto the right VLAN once you authenticate, making locking things down a lot easier.

    Pf also has the DG and Squid proxy for filtering (again in the packages) just click add package and configure. I have used DG and Squid on Pfsense before, the joy is you get a nice Web GUI.

    PfSense supports SSL also. I'd urge people to build a pfsense box and have a play... you'll be pleasantly surprised at how powerful it is. I was also watching a DefCon vid the other night: some guys were trying to hack into enterprise level routers and got into some of them using back doors, and all of a sudden one guy said something about how they have never yet gotten into a PfSense router as they are so secure! Added bonus!

    And as I say we've got this up & running in a few hotspots around the city; with the captive portal page being fully customizable it works great! It's so easy to manage that we have non-admin staff able to manage the basic aspects of adding users to captive portal if they need to. Any problems, because openvpn comes with PfSense we just VPN in and solve any issues.
    Last edited by cpjitservices; 13th November 2012 at 11:01 PM.

  2. #32

    twin--turbo
    Sounds like I should forget the Untangle build and go directly to PF....

    watch this space.


  4. #33

    FN-GM
    Originally posted by twin--turbo:
    The DG has a DG of the VLAN interface, the access rules only permit the captive box. This is assuming the captive box is proxying and can do SSL if you need it.

    It may be simpler to run a transparent bridge.

    You're more or less wanting exactly what I am working through by the sound of it. I will send over my bank details via PM for the consultancy

    Rob
    It's exactly what I want. I set the DG as the VLAN DG, that's no problem. But how would PFsense get to the client? How would the clients talk to PFsense to know to get redirected automatically?

    Thank you.

  5. #34
    cpjitservices
    The way pfsense works is you assign the captive portal onto an interface, ETH0 for example, so any traffic that hits ETH0 will be intercepted and hit with Captive Portal.

    So if you set your DG to the VLAN DG and that VLAN is assigned to an interface in PF (which it will be) and you set Captive Portal to listen on that interface, then you're banging - any traffic hitting that interface will need to go through Captive Portal or be re-directed.

    @twin--turbo - if you need any help with pfsense let me know - I've spent many an hour working with it and it hasn't let me down so far.

    Below is an example of someone adding captive portal onto the LAN interface, the Web GUI has been massively improved since this image (luckily)

    http://www.fikirdenizi.com/uploads/1...-portal-03.jpg
    Pfsense Interface Assign
    Last edited by cpjitservices; 13th November 2012 at 11:23 PM.

  6. #35
    cpjitservices
    For those interested, you can also use Pf as a basic UTM. I've never done it, but you can get anti-virus packages and web filtering... and more, but I can't remember off the top of my head. Google pfsense as UTM and you'll see some examples.

  7. #36

    FN-GM
    that VLAN is assigned to an interface in PF (which it will be)
    How would you go about this please? I'm trying to learn more about Cisco kit so taking baby steps here. Would a static route do the trick?

  8. #37
    cpjitservices
    It's been a while since I touched on Cisco, but with Cisco routers and VLANs you can do router on a stick and use a subinterface; for example int fa0/0.1 would be a subinterface of FA 0/0.

    or change the 1 to the VLAN number.

    On the switches you'd go into

    interface FastEthernet */*
     switchport mode access
     switchport access vlan 10

    I think that's correct - that will assign that VLAN to that interface - I may stand corrected as it's been a longggg time since I did VLANs on Cisco; I do have VLANs on Cisco but it was done that long ago I can't remember.

    The switches I'm on about here are Layer 2 and not Layer 3; on my Juniper EX2200 (Layer 3) you just go into the port or group of ports and assign to a VLAN-ID and then just Tag out uplink port with all the VLANs for it to trunk them.

  9. #38

    FN-GM
    OK yeah, I have that; assigning a VLAN to a port is easy. I am just confused how the BYOD client gets to pfsense, this bit I can't grasp. It won't be by the DG because you need that to be set to the VLAN DG. How does the traffic actually hit pfsense?

    Thanks

  10. #39

    twin--turbo
    You either assign the PFSense as the DG and have its DG as the VLAN interface IP.

    Or put PFSense as a transparent bridge, stick one of its ports on your VLAN and then connect the other port to a downstream switch for your BYOD; that way all traffic passes through it before hitting the Cisco.


  12. #40

    FN-GM
    There are that many releases of PFsense, what do I pick? Will this do? - pfSense-2.0.1-RELEASE-amd64.iso.gz Thanks
    Last edited by FN-GM; 14th November 2012 at 10:12 AM.

  13. #41

    twin--turbo
    Yes, that one or the i386 depending on your hardware.

  14. #42

    FN-GM
    Originally posted by twin--turbo:
    Yes, that one or the i386 depending on your hardware.
    VMware, so might as well go 64 bit. Thanks

  15. #43

    FN-GM
    Talking about your diagram on the other thread. I don't want a BYOD switch as such, as BYOD will be located in a lot of areas, so I want to keep to a BYOD VLAN. I put the PFsense server in the BYOD VLAN, the clients' DG will be PFsense and PFsense DG will be the VLAN interface. For this setup do I need 2 NICs in PFsense?

    Thanks

  16. #44

    twin--turbo
    Race you........

    Rob

  17. #45

    twin--turbo
    You can do it by not having a VLAN interface on the BYOD VLAN (preventing it routing) and bridging the pf between one of the other VLANs on the switch and the BYOD VLAN.

    Rob
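
Added example, not part of any post in this thread: the design in post #45 relies on the switch having no VLAN interface on the BYOD VLAN, so BYOD traffic can only leave through the bridged pfSense box. This Python check audits an IOS-style config for that condition; the VLAN numbers, addresses, sample config and function names are constructed for illustration.

```python
import re

# Constructed IOS-style switch config (sample data, not from the thread).
# Assumed numbering: VLAN 50 is the BYOD VLAN, VLAN 10 is another VLAN.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan50
 ip address 10.0.50.1 255.255.255.0
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 50
!
interface FastEthernet0/24
 description pfSense bridge port, BYOD side
 switchport mode access
 switchport access vlan 50
"""

def parse_interfaces(config):
    """Map lower-cased interface name -> list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line, re.IGNORECASE)
        if header:
            current = interfaces.setdefault(header.group(1).lower(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip().lower())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def vlan_is_routed(config, vlan_id):
    """True if the switch itself has an active IP interface on vlan_id."""
    body = parse_interfaces(config).get(f"vlan{vlan_id}")
    if body is None:
        return False
    has_ip = any(cmd.startswith("ip address ") for cmd in body)
    return has_ip and "shutdown" not in body

def access_ports(config, vlan_id):
    """Sorted names of access ports placed in vlan_id."""
    wanted = f"switchport access vlan {vlan_id}"
    return sorted(n for n, b in parse_interfaces(config).items() if wanted in b)
```

With the sample config, `vlan_is_routed(SAMPLE_CONFIG, 50)` is true, which flags that the switch can still route the BYOD VLAN on its own; it becomes false once the `Vlan50` interface is removed or shut down with no address.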


